
remove cookie_path config option and default to a site-wide session i…

…nstead (the old behavior could be easily implemented in a subclass where needed).
flack committed Mar 12, 2019
1 parent 5ad1498 commit a5ea5ad85ed5b31d6785289907e41606a55838b6
@@ -68,8 +68,6 @@
* - <b>auth_backend_simple_cookie_secure:</b> Set the "secure" flag on cookie, defaults to true, applies only when actually using SSL/TLS
* - <b>auth_backend_simple_cookie_id:</b> The ID appended to the cookie prefix, separating
* auth cookies for different sites. Defaults to 1.
* - <b>auth_backend_simple_cookie_path:</b> Controls the valid path of the cookie,
* defaults to midcom_connection::get_url('self').
*
* <b>Cache configuration</b>
*
@@ -273,7 +271,6 @@ class midcom_config implements ArrayAccess
'auth_allow_trusted' => false,
'person_class' => 'openpsa_person',
'auth_backend_simple_cookie_path' => 'auto',
// set secure flag on cookie (applies only when using SSL)
'auth_backend_simple_cookie_secure' => true,
@@ -50,23 +50,17 @@ class midcom_services__sessioning extends Session
{
public function __construct()
{
$cookie_path = midcom::get()->config->get('auth_backend_simple_cookie_path');
if ($cookie_path == 'auto') {
$cookie_path = midcom_connection::get_url('self');
}
parent::__construct($this->prepare_storage(), new NamespacedAttributeBag('midcom_session_data'));
}
protected function prepare_storage()
{
$cookie_secure = ( !empty($_SERVER['HTTPS'])
&& $_SERVER['HTTPS'] !== 'off'
&& midcom::get()->config->get('auth_backend_simple_cookie_secure'));
$storage = $this->prepare_storage($cookie_path, $cookie_secure);
parent::__construct($storage, new NamespacedAttributeBag('midcom_session_data'));
}
protected function prepare_storage($cookie_path, $cookie_secure)
{
return new NativeSessionStorage([
'cookie_path' => $cookie_path,
'cookie_path' => midcom_connection::get_url('prefix'),
'cookie_secure' => $cookie_secure,
'cookie_httponly' => true
]);
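Review bot: The session cookie path is now fixed to `midcom_connection::get_url('prefix')` in `prepare_storage()`, so the session identifier goes to every path under that prefix and to any other application hosted there on the same host; deployments that used `auth_backend_simple_cookie_path` to narrow the scope lose that setting without any warning. What `get_url('prefix')` returns is not visible here, so it is worth confirming that it is always a non-empty path starting with `/`, since an empty value would presumably leave the browser to derive a default path from the request URL. With the wider scope I would also set a SameSite policy next to the existing flags, e.g. `'cookie_samesite' => 'lax',`, provided the Symfony version in use supports that option on NativeSessionStorage. Separately, `$cookie_secure` depends on `$_SERVER['HTTPS']`, which is typically unset behind a TLS-terminating proxy, so the Secure flag may be dropped in that setup. The body of `prepare_storage()` closes outside the hunk.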
@@ -12,11 +12,6 @@
* The simple auth backend uses cookies to store a session identifier which
* consists of the midgard person GUID.
*
* The validity of the cookie will be controlled by the configuration option
* <i>auth_backend_simple_cookie_path</i>:
*
* The path defaults to midcom_connection::get_url('self').
*
* The basic cookie id (username prefix) is taken from the config option
* <i>auth_backend_simple_cookie_id</i>, which defaults to 1
*
@@ -3,7 +3,7 @@
class mock_sessioning extends midcom_services__sessioning
{
protected function prepare_storage($cookie_path, $cookie_secure)
protected function prepare_storage()
{
return new MockArraySessionStorage();
}
